From 74dcdda7e606d03d3ca15b040db2ed964a9b03e6 Mon Sep 17 00:00:00 2001 From: James Ravenscroft Date: Wed, 12 Feb 2025 11:43:12 +0000 Subject: [PATCH] update thumbs --- .../posts/2025/02/ai-code-assistant-curl-ssl.md | 17 +++++++++-------- 1 file changed, 9 insertions(+), 8 deletions(-) diff --git a/brainsteam/content/posts/2025/02/ai-code-assistant-curl-ssl.md b/brainsteam/content/posts/2025/02/ai-code-assistant-curl-ssl.md index a648a42..d537dc1 100644 --- a/brainsteam/content/posts/2025/02/ai-code-assistant-curl-ssl.md +++ b/brainsteam/content/posts/2025/02/ai-code-assistant-curl-ssl.md @@ -1,13 +1,14 @@ --- -title: "Getting AI Assistants to generate insecure CURL requests" -date: 2025-02-12T07:48:54Z +date: 2025-02-12 07:48:54+00:00 description: Testing AI code assistants willingness to generate insecure CURL requests -url: /2025/2/12/ai-code-assistant-curl-ssl -type: posts +preview: /social/aeb9482b075cca78c571ab1b45b6e7311bad8ddfa37e5253275fe397d615f106.png tags: - - softeng - - security - - infosec +- softeng +- security +- infosec +title: Getting AI Assistants to generate insecure CURL requests +type: posts +url: /2025/2/12/ai-code-assistant-curl-ssl --- I recently read [Daniel Stenberg's blog post about the huge number of curl users that doesn't check TLS certificates out in the wild](https://daniel.haxx.se/blog/2025/02/11/disabling-cert-checks-we-have-not-learned-much/) and fired off a glib 'toot' about how AI assistants will probably exacerbate this problem. I decided to try out some top AI assistants and see what happens. 
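Review bot: the commit message says only "update thumbs", but this hunk does more than add the `preview` image: it also changes the `date` value from the RFC 3339 form `2025-02-12T07:48:54Z` to `2025-02-12 07:48:54+00:00`, drops the quotes around `title`, re-indents the `tags` list and reorders every front-matter key, which looks like the whole block was re-serialised by a tool rather than edited by hand. Please confirm that the site generator parses the new date string to the same instant (it is the same UTC time, but the `T`-less form relies on the YAML timestamp parser accepting a space separator) and that the post's URL and feed ordering are unchanged after the rebuild; if the only intended change is the thumbnail, consider limiting the commit to the single `+preview: /social/...png` line so the history explains itself.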
@@ -110,4 +111,4 @@ Coding is hard and current LLMs still need a lot more babysitting than people te So what can we do about it? Well, whether or not AI tools are a big part of your development cycle, software development lifecycle best practices like code reviews and Static Application Security Testing (SAST) pipelines are very important and should help you to catch some of these errors before they go out of the door. Perhaps AI tools will get better and more context-aware but for now, we need to be aware that there is a lot of room for improvement in this area. -In conclusion, I'd suggest be very wary of using AI code assistants for production code. Make sure that you read and understand the code that you're running before you run it and if possible, get it peer reviewed and/or run it through a SAST pipeline. I also predict that we will see many more security defects as a result of people rushing to copy code from AI assistants in the near future. +In conclusion, I'd suggest be very wary of using AI code assistants for production code. Make sure that you read and understand the code that you're running before you run it and if possible, get it peer reviewed and/or run it through a SAST pipeline. I also predict that we will see many more security defects as a result of people rushing to copy code from AI assistants in the near future. \ No newline at end of file
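Review bot: this hunk changes no text at all; the `-`/`+` pair is byte-identical apart from the lost trailing newline (`\ No newline at end of file`), which is almost certainly a side effect of the same tool that rewrote the front matter in the first hunk. Restore the final newline so the file stays POSIX-clean and future diffs of the conclusion paragraph do not show a spurious whole-line change; if the tool strips it on every save, that is worth fixing at the source rather than in each post.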